[Git][security-tracker-team/security-tracker][master] 5 commits: add openssh
Thorsten Alteholz
alteholz at debian.org
Mon Jan 21 15:15:16 GMT 2019
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3ba09897 by Thorsten Alteholz at 2019-01-21T15:06:13Z
add openssh
- - - - -
830540c5 by Thorsten Alteholz at 2019-01-21T15:06:14Z
mark CVE-2018-20712 as no-dsa for jessie
- - - - -
1fab3234 by Thorsten Alteholz at 2019-01-21T15:06:14Z
add firmware-nonfree
- - - - -
0574e5b3 by Thorsten Alteholz at 2019-01-21T15:06:16Z
mark CVE-2019-6293 as no-dsa for jessie
- - - - -
07d6ee5a by Thorsten Alteholz at 2019-01-21T15:06:17Z
mark CVE-2019-5010 as postponed for jessie
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -530,6 +530,7 @@ CVE-2017-18356 (In the Automattic WooCommerce plugin before 3.2.4 for WordPress,
CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in ...)
- flex <unfixed> (low; bug #919428)
[stretch] - flex <no-dsa> (Minor issue)
+ [jessie] - flex <no-dsa> (Minor issue)
NOTE: https://github.com/westes/flex/issues/414
CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka ...)
- yaml-cpp <unfixed> (bug #919430)
@@ -580,6 +581,7 @@ CVE-2019-6279
CVE-2018-20712 (A heap-based buffer over-read exists in the function d_expression_1 in ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
+ [jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043
CVE-2018-20711
@@ -3372,6 +3374,7 @@ CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 certifica
- python3.4 <removed>
- python2.7 <unfixed>
[stretch] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA)
+ [jessie] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA)
NOTE: https://bugs.python.org/issue35746
NOTE: https://github.com/python/cpython/pull/11569
NOTE: https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031 (3.7.x)
=====================================
data/dla-needed.txt
=====================================
@@ -27,6 +27,9 @@ exiv2 (Thorsten Alteholz)
faad2
NOTE: 20181214: No known patch yet. Not urgent but would be good to fix. (opal)
--
+firmware-nonfree
+ NOTE: needed by sponsors
+--
freerdp (Mike Gabriel)
NOTE: 20181202: Mike is uploader, so he should probably take this. (Thorsten)
NOTE: 20181203: freerdp (v1.1) is a mostly unmaintained branch upstream. I will ask upstream
@@ -90,6 +93,8 @@ openjpeg2
NOTE: CVE-2018-5727: investigated the issue, might not be easy to patch, not sure it's worth it either.
NOTE: CVE-2018-5727: wait for upstream patch or no-dsa ? (hle)
--
+openssh
+--
phpmyadmin (Lucas Kanashiro)
NOTE: 20190116: Please also fix no-dsa issue CVE-2018-19970 (requested by sunweaver, with frontdesk hat on)
NOTE: 20190116: Please also triage CVE-2018-19969. Thanks.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d02d69f8fc0e24680c3344d7ad80574c8f49ebbc...07d6ee5a538cdf5a70a9fdbdfb89deeb0dd1a5b9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d02d69f8fc0e24680c3344d7ad80574c8f49ebbc...07d6ee5a538cdf5a70a9fdbdfb89deeb0dd1a5b9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190121/a5f5b641/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list